Only 802.1X

This scenario shows how to configure the only-802.1x authentication mode.

../../../../../_images/topologydut0dut1.svg

Test Successful 802.1x Authentication

Description

This scenario shows how to configure 802.1x-only authentication. DUT1 uses the correct username and password.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth2 address 192.168.100.1/24
set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2
set interfaces ethernet eth2 authenticator aaa authentication list1
set interfaces ethernet eth2 authenticator log-level debug
set interfaces ethernet eth2 authenticator mode only-802.1x
set interfaces ethernet eth2 authenticator quiet-period 60
set interfaces ethernet eth2 authenticator reauth-period 0
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX1+YSVp0G4mRdeLN3P9fkWdo3dCETpbeolIbs3CyTamkZ7I4phrMLNbSONUHYEp9hBbaoXSJhLGiKQ==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.274 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.274/0.274/0.274/0.000 ms

Step 3: Set the following configuration in DUT1 :

set interfaces ethernet eth2 address 192.168.100.2/24
set interfaces ethernet eth2 supplicant encrypted-password U2FsdGVkX1+Rd3AAdfHcVjCupx7OW/5Qd87RirUn4mg=
set interfaces ethernet eth2 supplicant username testing
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command interfaces ethernet eth2 supplicant show status at DUT1 and check if output contains the following tokens:

Authorized
Show output
---------------------------------------------------
        Field                      Value
---------------------------------------------------
EAP State                                   SUCCESS
EAP TLS Cipher          ECDHE-RSA-AES256-GCM-SHA384
EAP TLS Version                             TLSv1.2
PAE State                             AUTHENTICATED
Supplicant Port Status                   Authorized
WPA State                                 COMPLETED

Step 5: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:

Port Status\s+Authorized
Show output
-------------------------------
       Field           Value
-------------------------------
EAPoL Frames (Rx)            11
EAPoL Frames (Tx)            11
Invalid Frames (Rx)           0
Logoff Frames (Tx)            0
Port Status          Authorized
Req Frames (Rx)               9
Req ID Frames (Rx)            1
Resp Frames (Tx)             10
Start Frames (Tx)             1

Step 6: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:

Authentication Successes\s+1
Authentication Mode\s+802\.1X
Show output
---------------------------------------------
         Field                   Value
---------------------------------------------
Access Challenges                           9
Authentication Backend                 RADIUS
Authentication Failures                     0
Authentication Mode                    802.1X
Authentication Status     Authorized (802.1X)
Authentication Successes                    1
EAPoL frames (Rx)                          11
EAPoL frames (Tx)                          11
Quiet Period                               60
Reauthenticate                          FALSE
Reauthenticate Period                       0
Session Time                                0
Session User MAC            de:ad:be:ef:6c:12
Session User Name                     testing

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.294 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.294/0.294/0.294/0.000 ms

Step 8: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:

IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Show output
Feb 19 07:44:43.557090 osdx hostapd[42529]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported.
Feb 19 07:44:43.557104 osdx hostapd[42529]: eth2: RADIUS Authentication server 10.215.168.1:1812
Feb 19 07:44:43.557427 osdx hostapd[42529]: connect[radius]: Network is unreachable
Feb 19 07:44:43.557141 osdx hostapd[42529]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2
Feb 19 07:44:43.557144 osdx hostapd[42529]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
Feb 19 07:44:43.584941 osdx hostapd[42529]: Discovery mode enabled on eth2
Feb 19 07:44:43.585029 osdx hostapd[42529]: eth2: interface state UNINITIALIZED->ENABLED
Feb 19 07:44:43.585029 osdx hostapd[42529]: eth2: AP-ENABLED
Feb 19 07:44:46.907300 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added
Feb 19 07:44:46.907317 osdx hostapd[42530]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
Feb 19 07:44:46.928983 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication
Feb 19 07:44:46.929007 osdx hostapd[42530]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames
Feb 19 07:44:46.929021 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAPOL-Start from STA
Feb 19 07:44:46.929031 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port
Feb 19 07:44:46.929038 osdx hostapd[42530]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
Feb 19 07:44:46.929057 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 43)
Feb 19 07:44:46.929408 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=43 len=12) from STA: EAP Response-Identity (1)
Feb 19 07:44:46.929420 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'testing'
Feb 19 07:44:46.929445 osdx hostapd[42530]: eth2: RADIUS Authentication server 10.215.168.1:1812
Feb 19 07:44:46.931280 osdx hostapd[42530]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:46.931306 osdx hostapd[42530]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:46.931530 osdx hostapd[42530]: eth2: RADIUS Received 80 bytes from RADIUS server
Feb 19 07:44:46.931536 osdx hostapd[42530]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:46.931541 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:46.931560 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=44 len=22) from RADIUS server: EAP-Request-MD5 (4)
Feb 19 07:44:46.931566 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 44)
Feb 19 07:44:46.931775 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=44 len=6) from STA: EAP Response-unknown (3)
Feb 19 07:44:46.931812 osdx hostapd[42530]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:46.931826 osdx hostapd[42530]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:46.932005 osdx hostapd[42530]: eth2: RADIUS Received 64 bytes from RADIUS server
Feb 19 07:44:46.932010 osdx hostapd[42530]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:46.932014 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:46.932032 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=45 len=6) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:46.932039 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 45)
Feb 19 07:44:46.932336 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=45 len=194) from STA: EAP Response-PEAP (25)
Feb 19 07:44:46.932373 osdx hostapd[42530]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:46.932386 osdx hostapd[42530]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:46.933347 osdx hostapd[42530]: eth2: RADIUS Received 1068 bytes from RADIUS server
Feb 19 07:44:46.933354 osdx hostapd[42530]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:46.933357 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:46.933382 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=46 len=1004) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:46.933388 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 46)
Feb 19 07:44:46.933570 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=46 len=6) from STA: EAP Response-PEAP (25)
Feb 19 07:44:46.933619 osdx hostapd[42530]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:46.933632 osdx hostapd[42530]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:46.933752 osdx hostapd[42530]: eth2: RADIUS Received 229 bytes from RADIUS server
Feb 19 07:44:46.933756 osdx hostapd[42530]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:46.933759 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:46.933774 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=47 len=171) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:46.933779 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 47)
Feb 19 07:44:46.935190 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=47 len=103) from STA: EAP Response-PEAP (25)
Feb 19 07:44:46.935238 osdx hostapd[42530]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:46.935250 osdx hostapd[42530]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:46.935553 osdx hostapd[42530]: eth2: RADIUS Received 115 bytes from RADIUS server
Feb 19 07:44:46.935559 osdx hostapd[42530]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:46.935563 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:46.935580 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=48 len=57) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:46.935586 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 48)
Feb 19 07:44:46.935860 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=48 len=6) from STA: EAP Response-PEAP (25)
Feb 19 07:44:46.935913 osdx hostapd[42530]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:46.935967 osdx hostapd[42530]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:46.936069 osdx hostapd[42530]: eth2: RADIUS Received 98 bytes from RADIUS server
Feb 19 07:44:46.936075 osdx hostapd[42530]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:46.936079 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:46.936096 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=49 len=40) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:46.936103 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 49)
Feb 19 07:44:46.936314 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=49 len=43) from STA: EAP Response-PEAP (25)
Feb 19 07:44:46.936366 osdx hostapd[42530]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:46.936382 osdx hostapd[42530]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:46.936545 osdx hostapd[42530]: eth2: RADIUS Received 131 bytes from RADIUS server
Feb 19 07:44:46.936551 osdx hostapd[42530]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:46.936555 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:46.936571 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=50 len=73) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:46.936578 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 50)
Feb 19 07:44:46.936916 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=50 len=97) from STA: EAP Response-PEAP (25)
Feb 19 07:44:46.936962 osdx hostapd[42530]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:46.936976 osdx hostapd[42530]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:46.937214 osdx hostapd[42530]: eth2: RADIUS Received 140 bytes from RADIUS server
Feb 19 07:44:46.937220 osdx hostapd[42530]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:46.937225 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:46.937241 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=51 len=82) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:46.937249 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 51)
Feb 19 07:44:46.937482 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=51 len=37) from STA: EAP Response-PEAP (25)
Feb 19 07:44:46.937537 osdx hostapd[42530]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:46.937582 osdx hostapd[42530]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:46.937756 osdx hostapd[42530]: eth2: RADIUS Received 104 bytes from RADIUS server
Feb 19 07:44:46.937765 osdx hostapd[42530]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:46.937770 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:46.937797 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=52 len=46) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:46.937805 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 52)
Feb 19 07:44:46.938060 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=52 len=46) from STA: EAP Response-PEAP (25)
Feb 19 07:44:46.938112 osdx hostapd[42530]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:46.938127 osdx hostapd[42530]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:46.938345 osdx hostapd[42530]: eth2: RADIUS Received 175 bytes from RADIUS server
Feb 19 07:44:46.938352 osdx hostapd[42530]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:46.938357 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:46.938383 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: old identity 'testing' updated with User-Name from Access-Accept 'testing'
Feb 19 07:44:46.938388 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=3 id=52 len=4) from RADIUS server: EAP Success
Feb 19 07:44:46.938406 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 52)
Feb 19 07:44:46.938448 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authorizing port
Feb 19 07:44:46.938495 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 RADIUS: starting accounting session 15910B37A940D5B6
Feb 19 07:44:46.938500 osdx hostapd[42530]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)

Test Unsuccessful 802.1x Authentication

Description

This scenario shows how to configure 802.1x-only authentication. DUT1 uses an incorrect username.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth2 address 192.168.100.1/24
set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2
set interfaces ethernet eth2 authenticator aaa authentication list1
set interfaces ethernet eth2 authenticator log-level debug
set interfaces ethernet eth2 authenticator mode only-802.1x
set interfaces ethernet eth2 authenticator quiet-period 60
set interfaces ethernet eth2 authenticator reauth-period 0
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX185fF6nCpQ01r11YrHBn7NA5hMjtreK/pGWMJr9dR5FRnuKvKQzohuuOwOWFcHt9xp10h77zIIwkg==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.200 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.200/0.200/0.200/0.000 ms

Step 3: Set the following configuration in DUT1 :

set interfaces ethernet eth2 address 192.168.100.2/24
set interfaces ethernet eth2 supplicant encrypted-password U2FsdGVkX1+eXZwuHnd4dqk8jrMzG+9YhAXQ4TbKPXE=
set interfaces ethernet eth2 supplicant username wrong
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:

Port Status\s+Unauthorized
Show output
---------------------------------
       Field            Value
---------------------------------
EAPoL Frames (Rx)               0
EAPoL Frames (Tx)               0
Invalid Frames (Rx)             0
Logoff Frames (Tx)              0
Port Status          Unauthorized
Req Frames (Rx)                 0
Req ID Frames (Rx)              0
Resp Frames (Tx)                0
Start Frames (Tx)               0

Step 5: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:

Port Status\s+Unauthorized
Show output
---------------------------------
       Field            Value
---------------------------------
EAPoL Frames (Rx)               9
EAPoL Frames (Tx)              10
Invalid Frames (Rx)             0
Logoff Frames (Tx)              0
Port Status          Unauthorized
Req Frames (Rx)                 8
Req ID Frames (Rx)              1
Resp Frames (Tx)                9
Start Frames (Tx)               1

Step 6: Run command interfaces ethernet eth2 supplicant show stats at DUT1 and check if output matches the following regular expressions:

Port Status\s+Unauthorized
Show output
---------------------------------
       Field            Value
---------------------------------
EAPoL Frames (Rx)              10
EAPoL Frames (Tx)              10
Invalid Frames (Rx)             0
Logoff Frames (Tx)              0
Port Status          Unauthorized
Req Frames (Rx)                 8
Req ID Frames (Rx)              1
Resp Frames (Tx)                9
Start Frames (Tx)               1

Step 7: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:

Authentication Failures\s+[1-9]\d?
Show output
-------------------------------------------
         Field                  Value
-------------------------------------------
Access Challenges                         8
Authentication Backend               RADIUS
Authentication Failures                   1
Authentication Mode                     N/A
Authentication Status          Unauthorized
Authentication Successes                  0
EAPoL frames (Rx)                        10
EAPoL frames (Tx)                        10
Quiet Period                             60
Reauthenticate                        FALSE
Reauthenticate Period                     0
Session Time                              0
Session User MAC          de:ad:be:ef:6c:12
Session User Name                       N/A

Step 8: Expect a failure in the following command: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Step 9: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:

IEEE 802.1X: authentication failed - EAP type: 25 (PEAP)
Show output
Feb 19 07:44:54.287926 osdx hostapd[43046]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported.
Feb 19 07:44:54.287938 osdx hostapd[43046]: eth2: RADIUS Authentication server 10.215.168.1:1812
Feb 19 07:44:54.288171 osdx hostapd[43046]: connect[radius]: Network is unreachable
Feb 19 07:44:54.287977 osdx hostapd[43046]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2
Feb 19 07:44:54.287980 osdx hostapd[43046]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
Feb 19 07:44:54.303784 osdx hostapd[43046]: Discovery mode enabled on eth2
Feb 19 07:44:54.303860 osdx hostapd[43046]: eth2: interface state UNINITIALIZED->ENABLED
Feb 19 07:44:54.303860 osdx hostapd[43046]: eth2: AP-ENABLED
Feb 19 07:44:57.499096 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added
Feb 19 07:44:57.499110 osdx hostapd[43047]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
Feb 19 07:44:57.515866 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication
Feb 19 07:44:57.515897 osdx hostapd[43047]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames
Feb 19 07:44:57.515923 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAPOL-Start from STA
Feb 19 07:44:57.515937 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port
Feb 19 07:44:57.515944 osdx hostapd[43047]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
Feb 19 07:44:57.515966 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 25)
Feb 19 07:44:57.516391 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=25 len=10) from STA: EAP Response-Identity (1)
Feb 19 07:44:57.516410 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: STA identity 'wrong'
Feb 19 07:44:57.516440 osdx hostapd[43047]: eth2: RADIUS Authentication server 10.215.168.1:1812
Feb 19 07:44:57.518282 osdx hostapd[43047]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:57.518312 osdx hostapd[43047]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:57.518564 osdx hostapd[43047]: eth2: RADIUS Received 80 bytes from RADIUS server
Feb 19 07:44:57.518570 osdx hostapd[43047]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:57.518575 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:57.518593 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=26 len=22) from RADIUS server: EAP-Request-MD5 (4)
Feb 19 07:44:57.518600 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 26)
Feb 19 07:44:57.518857 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=26 len=6) from STA: EAP Response-unknown (3)
Feb 19 07:44:57.518909 osdx hostapd[43047]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:57.518923 osdx hostapd[43047]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:57.519087 osdx hostapd[43047]: eth2: RADIUS Received 64 bytes from RADIUS server
Feb 19 07:44:57.519092 osdx hostapd[43047]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:57.519096 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:57.519109 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=27 len=6) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:57.519116 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 27)
Feb 19 07:44:57.519412 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=27 len=194) from STA: EAP Response-PEAP (25)
Feb 19 07:44:57.519443 osdx hostapd[43047]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:57.519454 osdx hostapd[43047]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:57.520444 osdx hostapd[43047]: eth2: RADIUS Received 1068 bytes from RADIUS server
Feb 19 07:44:57.520449 osdx hostapd[43047]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:57.520452 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:57.520468 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=28 len=1004) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:57.520474 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 28)
Feb 19 07:44:57.520676 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=28 len=6) from STA: EAP Response-PEAP (25)
Feb 19 07:44:57.520737 osdx hostapd[43047]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:57.520755 osdx hostapd[43047]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:57.520906 osdx hostapd[43047]: eth2: RADIUS Received 229 bytes from RADIUS server
Feb 19 07:44:57.520911 osdx hostapd[43047]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:57.520914 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:57.520929 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=29 len=171) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:57.520935 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 29)
Feb 19 07:44:57.522242 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=29 len=103) from STA: EAP Response-PEAP (25)
Feb 19 07:44:57.522297 osdx hostapd[43047]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:57.522312 osdx hostapd[43047]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:57.522625 osdx hostapd[43047]: eth2: RADIUS Received 115 bytes from RADIUS server
Feb 19 07:44:57.522630 osdx hostapd[43047]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:57.522633 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:57.522650 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=30 len=57) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:57.522657 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 30)
Feb 19 07:44:57.522888 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=30 len=6) from STA: EAP Response-PEAP (25)
Feb 19 07:44:57.522927 osdx hostapd[43047]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:57.522938 osdx hostapd[43047]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:57.523054 osdx hostapd[43047]: eth2: RADIUS Received 98 bytes from RADIUS server
Feb 19 07:44:57.523060 osdx hostapd[43047]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:57.523064 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:57.523079 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=31 len=40) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:57.523085 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 31)
Feb 19 07:44:57.523205 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=31 len=41) from STA: EAP Response-PEAP (25)
Feb 19 07:44:57.523238 osdx hostapd[43047]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:57.523248 osdx hostapd[43047]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:57.523424 osdx hostapd[43047]: eth2: RADIUS Received 131 bytes from RADIUS server
Feb 19 07:44:57.523431 osdx hostapd[43047]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:57.523436 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:57.523459 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=32 len=73) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:57.523467 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 32)
Feb 19 07:44:57.523725 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=32 len=95) from STA: EAP Response-PEAP (25)
Feb 19 07:44:57.523779 osdx hostapd[43047]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:57.523793 osdx hostapd[43047]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:57.523963 osdx hostapd[43047]: eth2: RADIUS Received 104 bytes from RADIUS server
Feb 19 07:44:57.523968 osdx hostapd[43047]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:57.523972 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:57.523986 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=1 id=33 len=46) from RADIUS server: EAP-Request-PEAP (25)
Feb 19 07:44:57.523992 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 33)
Feb 19 07:44:57.524132 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: received EAP packet (code=2 id=33 len=46) from STA: EAP Response-PEAP (25)
Feb 19 07:44:57.524164 osdx hostapd[43047]: eth2: RADIUS Sending RADIUS message to authentication server
Feb 19 07:44:57.524174 osdx hostapd[43047]: eth2: RADIUS Next RADIUS client retransmit in 1 seconds
Feb 19 07:44:58.524261 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Resending RADIUS message (id=8)
Feb 19 07:44:58.524298 osdx hostapd[43047]: eth2: RADIUS Next RADIUS client retransmit in 2 seconds
Feb 19 07:44:58.524459 osdx hostapd[43047]: eth2: RADIUS Received 44 bytes from RADIUS server
Feb 19 07:44:58.524462 osdx hostapd[43047]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:58.524466 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Feb 19 07:44:58.524510 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: decapsulated EAP packet (code=4 id=33 len=4) from RADIUS server: EAP Failure
Feb 19 07:44:58.524534 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 33)
Feb 19 07:44:58.524548 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port
Feb 19 07:44:58.524552 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: authentication failed - EAP type: 25 (PEAP)
Feb 19 07:44:58.524555 osdx hostapd[43047]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Authentication failed, enforcing quiet period (60 seconds)
Feb 19 07:44:58.524559 osdx hostapd[43047]: eth2: RADIUS Received 44 bytes from RADIUS server
Feb 19 07:44:58.524562 osdx hostapd[43047]: eth2: RADIUS Received RADIUS message
Feb 19 07:44:58.524569 osdx hostapd[43047]: eth2: RADIUS No matching RADIUS request found (type=0 id=8) - dropping packet

Test Unsupported 802.1x Authentication

Description

This scenario shows how to configure 802.1x-only authentication. DUT1 does not support 802.1x authentication.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set interfaces ethernet eth2 address 192.168.100.1/24
set interfaces ethernet eth2 authenticator 802.1x max-retransmissions 2
set interfaces ethernet eth2 authenticator aaa authentication list1
set interfaces ethernet eth2 authenticator log-level debug
set interfaces ethernet eth2 authenticator mode only-802.1x
set interfaces ethernet eth2 authenticator quiet-period 60
set interfaces ethernet eth2 authenticator reauth-period 0
set system aaa group radius radgroup1 server serv1
set system aaa list list1 method 1 group radius radgroup1
set system aaa server radius serv1 address 10.215.168.1
set system aaa server radius serv1 encrypted-key U2FsdGVkX1/56hJ2/4le0E4KqLD1zzHXIVspMSwwmDhNFYFMbxEBil0JibXaHHaTs3xCHXJnfEmjv70OAy+W1w==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.196 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.196/0.196/0.196/0.000 ms

Step 3: Set the following configuration in DUT1 :

set interfaces ethernet eth2 address 192.168.100.2/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:

EAPoL frames \(Rx\)\s+0
EAPoL frames \(Tx\)\s+[1-9]+[0-9]*
Show output
-------------------------------------------
         Field                  Value
-------------------------------------------
Access Challenges                         0
Authentication Backend               RADIUS
Authentication Failures                   0
Authentication Mode                     N/A
Authentication Status          Unauthorized
Authentication Successes                  0
EAPoL frames (Rx)                         0
EAPoL frames (Tx)                         2
Quiet Period                             60
Reauthenticate                        FALSE
Reauthenticate Period                     0
Session Time                              0
Session User MAC          de:ad:be:ef:6c:12
Session User Name                       N/A

Step 5: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:

EAPoL frames \(Rx\)\s+0
EAPoL frames \(Tx\)\s+[1-9]+[0-9]*
Show output
-------------------------------------------
         Field                  Value
-------------------------------------------
Access Challenges                         0
Authentication Backend               RADIUS
Authentication Failures                   0
Authentication Mode                     N/A
Authentication Status          Unauthorized
Authentication Successes                  0
EAPoL frames (Rx)                         0
EAPoL frames (Tx)                         3
Quiet Period                             60
Reauthenticate                        FALSE
Reauthenticate Period                     0
Session Time                              0
Session User MAC          de:ad:be:ef:6c:12
Session User Name                       N/A

Step 6: Run command interfaces ethernet eth2 authenticator show stats at DUT0 and check if output matches the following regular expressions:

EAPoL frames \(Rx\)\s+0
EAPoL frames \(Tx\)\s+[1-9]+[0-9]*
Show output
-------------------------------------------
         Field                  Value
-------------------------------------------
Access Challenges                         0
Authentication Backend               RADIUS
Authentication Failures                   0
Authentication Mode                     N/A
Authentication Status          Unauthorized
Authentication Successes                  0
EAPoL frames (Rx)                         0
EAPoL frames (Tx)                         3
Quiet Period                             60
Reauthenticate                        FALSE
Reauthenticate Period                     0
Session Time                              0
Session User MAC          de:ad:be:ef:6c:12
Session User Name                       N/A

Step 7: Run command system journal show | grep "osdx hostapd" at DUT0 and check if output contains the following tokens:

IEEE 802.1X: EAP authentication timeout
Show output
Feb 19 07:45:08.383745 osdx hostapd[43568]: eth2: IEEE 802.11 Fetching hardware channel/rate support not supported.
Feb 19 07:45:08.383760 osdx hostapd[43568]: eth2: RADIUS Authentication server 10.215.168.1:1812
Feb 19 07:45:08.384060 osdx hostapd[43568]: connect[radius]: Network is unreachable
Feb 19 07:45:08.383797 osdx hostapd[43568]: eth2: IEEE 802.1X Initializing IEEE 802.1X: mode=802.1X, eap_server=0, eap_quiet_period=60, eap_max_retrans=2
Feb 19 07:45:08.383800 osdx hostapd[43568]: eth2: IEEE 802.1X IEEE 802.1X: Enabling packet capture discovery mode
Feb 19 07:45:08.407527 osdx hostapd[43568]: Discovery mode enabled on eth2
Feb 19 07:45:08.407608 osdx hostapd[43568]: eth2: interface state UNINITIALIZED->ENABLED
Feb 19 07:45:08.407608 osdx hostapd[43568]: eth2: AP-ENABLED
Feb 19 07:45:13.408181 osdx hostapd[43569]: eth2: STA de:ad:be:ef:6c:12 DRIVER: Device discovered, triggering MAB authentication
Feb 19 07:45:13.408216 osdx hostapd[43569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: New STA de:ad:be:ef:6c:12 added
Feb 19 07:45:13.408223 osdx hostapd[43569]: eth2: IEEE 802.1X IEEE 802.1X: Disabling packet capture discovery mode
Feb 19 07:45:13.423538 osdx hostapd[43569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: start authentication
Feb 19 07:45:13.423561 osdx hostapd[43569]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: disabling transmission of periodic EAP-Request frames
Feb 19 07:45:13.423573 osdx hostapd[43569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: unauthorizing port
Feb 19 07:45:13.423579 osdx hostapd[43569]: eth2: STA 01:80:c2:00:00:03 IEEE 802.1X: Trying RADIUS authentication
Feb 19 07:45:13.423597 osdx hostapd[43569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 35)
Feb 19 07:45:16.426595 osdx hostapd[43569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 35)
Feb 19 07:45:21.072887 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:45:22.430553 osdx hostapd[43569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: Sending EAP Packet (identifier 35)
Feb 19 07:45:29.389421 osdx OSDxCLI[6022]: User 'admin' executed a new command: 'system journal show | grep "osdx hostapd"'.
Feb 19 07:45:34.440561 osdx hostapd[43569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: aborting authentication
Feb 19 07:45:34.440574 osdx hostapd[43569]: eth2: STA de:ad:be:ef:6c:12 IEEE 802.1X: EAP authentication timeout - enforcing 60 second quiet period before retrying
Feb 19 07:45:34.440585 osdx hostapd[43569]: eth2: STA de:ad:be:ef:6c:12 MLME: MLME-DEAUTHENTICATE.indication(de:ad:be:ef:6c:12, 2)
Feb 19 07:45:34.440588 osdx hostapd[43569]: eth2: STA de:ad:be:ef:6c:12 MLME: MLME-DELETEKEYS.request(de:ad:be:ef:6c:12)